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ABSTRACT 

Blind  signature  is  a variant  of  digital  signature  which  helps  the  user  to  obtain  a signature  without  giving  any 
information  about  the  message  to  the  signer  and  the  signer  cannot  tell  which  session  of  the  signing  protocol  corresponds  to 
which  message.  Blind  signatures  may  seem  to  be  a myth;  it  is  a practical  reality  due  to  its  wide  applications  in  real  life  like 
e-coin  and  e- voting.  This  paper  focuses  on  the  study  of  variants  of  blind  signatures  with  its  eminent  real  world  applications. 
It  also  discuses  about  future  research  scope  of  blind  signatures. 

KEYWORDS:  Blindness,  Blind  Signature,  Unforgeability,  Unframeability 

I.  INTRODUCTION 

Data  security  was  a key  issue  in  the  ancient  era.  Data  transfer  in  a secured  manner  is  one  of  the  pivotal  tasks  in  the 
twenty  first  century  also.  Malicious  users  may  eagerly  listen  to  the  communication  between  two  entities  so  that  it  is  very 
important  to  ensure  security,  integrity,  authenticity,  non-repudiation  and  privacy  of  the  data.  However,  when  two  entities 
communicate,  there  is  a big  risk  of  this  secrecy  being  violated  through  leakage  of  information.  Cryptology  plays  a crucial 
role  to  fulfil  this  security  requirement.  The  fundamental  objective  of  cryptology  is  the  secure  communication  between 
sender  and  receiver  through  insecure  channel.  Cryptology  is  broadly  categorised  in  to  cryptography  and  cryptanalysis. 
Cryptography  is  the  study  of  hiding  the  information  which  ensures  integrity,  authenticity  and  privacy  of  data.  Since  perfect 
security  is  almost  impossible  (except  for  one  time  pad),  cryptanalysis  is  the  study  of  finding  out  the  weaknesses  of  the 
design  of  existing  cryptosystems.  Social  networks  provide  abundance  of  exciting  and  amazing  applications  that  lead  to  its 
rapid  growth  in  this  century.  Online  social  networks  help  to  connect  to  the  people  and  also  encourage  creating,  sharing  and 
collaborating  data  in  an  adequate  way.  However,  serious  security  and  privacy  problems  have  prevented  the  wide  adoption 
of  these  networks  because  when  secured  information  falls  into  a wrong  hand  that  may  lead  to  hazardous  situations. 
Cryptographic  measures  can  overwhelm  these  concerns  to  a certain  extent.  In  online  social  networks  a lot  of  information 
has  to  be  shared  and  communicated,  while  preserving  the  privacy. 

Encryption  and  digital  signatures  are  the  eminent  cryptographic  primitives  which  play  a crucial  role  in  providing 
security  and  authenticity  to  the  data.  Encryption  provides  confidentiality  to  the  transmitted  data.  Digital  signatures  are  the 
primitives  which  sustain  authentication  and  non-repudiation  of  the  data.  Digital  signature  scheme  signs  documents  in  such 
a way  that  anyone  can  verify  the  authenticity  of  the  signature.  Due  to  its  relevance,  a large  number  of  variants  of  signature 
schemes  have  emerged,  like  multi-signature  [1],  ring  signature  [2],  group  signature  [3],  threshold  signature  [4],  aggregate 
signature  [5],  proxy  signature  [6],  blind  signature  [7]  etc. 

Blind  signature  is  a variant  of  digital  signature  that  provides  assurance  of  authenticity  of  a message  by  the  signer 


www.iaset.us 


editor@iaset.us 


110 


Sangeetha  Jose&  Sudin  S 


without  revealing  any  information  about  the  signed  message.  This  signature  primitive  is  used  in  real  world  applications  in 
which  message  anonymity  is  highly  important  during  the  signing  process,  like  in  e-voting  and  in  digital  cash.  This 
motivates  us  for  a detailed  study  on  variants  of  blind  signatures. 

This  paper  is  organised  as  follows.  Section  II  describes  the  related  works  with  blind  signatures.  Section  III 
discusses  variants  of  blind  signature  schemes  along  with  its  applications.  Section  IV  concludes  with  future  research  scope. 

II.  RELATED  WORKS 

The  idea  of  blind  signature  was  put  forward  by  David  Chaum  (1982)  [7],  This  is  a variant  of  digital  signature  in 
which  the  content  of  the  message  is  blinded  before  it  is  signed.  It  also  assures  the  unforgeability  property  of  signature.  The 
provably  secure  design  for  blind  signature  was  proposed  by  Point  cheval  and  Stem  [8]  in  which  they  defined  the  security 
for  blind  signatures  with  application  to  electronic  cash.  Security  arguments  for  blind  signatures  are  proposed  in  different 
papers  [9],  [10]  and  [11].  In  cryptography,  blind  signature  is  a primitive  that  provides  assurance  of  authenticity  of  a 
message  by  a signer  without  revealing  any  information  about  the  message  to  him.  This  signature  primitive  is  used  in  real 
world  applications  in  which  message  anonymity  is  highly  important  during  the  signing  process,  like  in  e-voting  and  in 
digital  cash. 

Blind  signature  scheme  is  a two  party  protocol  between  user  and  signer.  Blind  signing  process  has  mainly  three 
phases  as  shown  in  figure  1 . 

• Blinding:  Blinding  process  blinds  the  original  message  by  some  random  value  and  outputs  blind  message.  User 
blinds  the  message. 

• Signing:  User  sends  the  blind  message  to  the  signer.  Signer  signs  on  blinded  message  and  blind  signatures  are  the 
output  after  this  phase. 

• Unblinding:  User  unblinds  the  blinded  signature  and  obtains  signature  on  the  original  message. 


User  Signer 


M:  Message 

Figure  1 : Process  of  Blind  Signature 
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Blind  signature  also  supports  public  verification  which  is  similar  to  the  digital  signature  which  ensures  the  validity 
of  the  signature.  Blind  signature  provides  unforgeability  and  blindness  properties.  Unforgeability  ensures  that  only  the 
signer  can  make  a valid  message-signature  pair.  Blindness  shows  that  signer  learns  nothing  about  the  content  of  a message 
he  is  helping  to  sign.  Hence  the  security  of  blind  signature  is  defined  by  unforgeability  and  blindness  [[9],  [10]]. 

Blind  signatures  are  widely  used  in  a number  of  cryptographic  applications  where  signer  has  to  authenticate  a 
message  for  the  user  while  maintaining  privacy  of  the  user’s  message.  Integrity  of  the  e-voting  requires  that  each  ballot  has 
to  be  certified  by  an  election  authority  without  learning  voter’s  selection.  Here  we  need  to  maintain  the  anonymity  of  user’s 
message  (i.e.,  vote)  and  at  the  same  time  it  has  to  be  authenticated  (signed)  by  the  election  authority.  This  can  be  achieved 
with  the  help  of  blind  signatures  because  of  its  blindness  and  unforgeability  properties. 


Check  Credentials 
of  the  Voter 


SIGNING 


Blinded  Ballot 
Paper  with  Vote 


BLINDING 
Blinding  of 
Ballot  Paper 
with  Vote 


ELECTION  AUTHORITY 


Blind  Signature  on 
Ballot  Paper  with  Vote 


Submission  of  Ballot  Paper 
VNBUNDING  Contains  Vote  with  the 
Unblinding 
of  Ballot  Paper 


Authority's  Signature 


VOTER 


COUNTING  CENTER 


Figure  2:  Process  of  E-Voting 


Figure  2 illustrates  e-voting  process.  Voter  casts  the  vote  and  blinds  the  vote.  Blinded  vote  will  be  sent  to  the 
election  authority.  Election  authority  checks  the  credentials  of  the  voter  and  if  it  is  valid  then  authority  signs  on  the  blinded 
vote.  This  blinded  signature  sends  back  to  the  voter  and  voter  performs  unblinding  process  and  obtains  the  vote  with 
election  authority’s  signature.  Now  the  voter  can  submit  the  valid  vote  to  counting  centre.  Here  each  vote  is  certified  by  an 
election  authority  before  it  can  be  accepted  for  counting  and  also  the  authority  should  not  learn  anything  about  the  voter’s 
selections. 


Chaurn  [7]  introduced  the  first  blind  signature  scheme  based  on  RSA  (Rivest,  Shamir  and  Adleman)  signature 
[12],  Key  generation  phase  is  same  as  that  of  RSA.  As  shown  in  figure  3,  p and  q are  two  large  prime  and  N = p xq.  4>(N) 
is  Euler’s  totient  function  which  finds  the  number  of  positive  integers  which  is  smaller  and  relatively  prime  to  N.  Signer’s 
public  and  secret  keys  are  ( N , e ) and  d respectively  where  e and  d are  multiplicative  inverses.  Blind  signing  consists  of 
three  sub  phases  blinding,  signing  and  unblinding.  Blinding  is  done  with  the  help  of  a random  value  r which  produces  a 
blinded  message  (m  ’).  Signing  is  done  with  the  help  of  secret  key  d of  the  signer.  Signer  signs  on  the  blinded  message  and 
gives  back  blind  signature  (c')  to  the  user.  User  unblinds  it  and  obtains  the  signature  (o)  which  is  the  original  message 
with  signer’s  signature.  Since  d and  e are  inverses  in  modulo  </>(N),  with  the  help  of  Euler’s  Theorem  [13]  we  can  easily 
prove  the  correctness.  In  fact,  the  signature  crobtained  in  unblinding  satisfies 

a = cr’  r1  mod  N 
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= (m  re  mod  N)  d r1  mod  N 
= md  mod  N 
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• KeyCen 

N = n <P(N)  = (p-  1)((/-1) 

Select  e,  gcd(e,^(N))=l, 

N,e:  Signer's  public  key, 

• BlindSign 

user" 

Blmding(m,e) 
rein 

m =mf  mod  N 

Unblinding(o'  ,r) 
a = a'fhnod  N 

• Verify(o,m,e) 
m = c fmod  N 


Compute  d,  ed  =1  (mod  tp(N)) 
d : Signer's  secret  key 


SIGNER 

m 

> Sigtiing(m'  ,d) 

o'  o'  = (m'fmod  N 


Figure  3:  Chaum’s  Blind  Signature  Scheme 

III.  A DETAILED  STUDY  ON  VARIANTS  OF  BLIND  SIGNATURE  SCHEMES 

Blind  signature  is  a variant  of  digital  signature  in  which  content  is  blinded  before  it  is  signed  which  is  illustrated 
in  Figure  4.  That  is,  signer  puts  signature  on  the  document  without  knowing  what  the  document  contains  and  everyone  can 
verify  the  validity  of  the  signature.  It  prevents  the  signer  from  observing  the  message  it  signs. 


Blinded 

Signature  on 

Unblinding 

M 

Message 

Minded  Message 

I 

M 

I 

User  Signer  Signer  User 


M-Message 

Figure  4:  Concept  of  Blind  Signature 

As  specified  in  section  II  Chaum  introduced  the  concept  of  blind  signature  which  is  based  on  RSA  signature  with 
applications  in  e-voting  and  payment  transactions.  Chaum  et  al.  [14]  explains  the  use  of  blind  signature  in  the  scenario  of 
electronic  cash  and  formal  proofs  for  the  protocol  was  left  as  an  open  challenge.  Two  new  blind  signature  schemes  based 
on  discrete  logarithm  problem  were  designed  by  Camenisch  et  al.  [15], 

A provably  secure  design  for  blind  signature  was  elaborated  by  Point  cheval  and  Stem  [8].  They  proposed  the 
definition  of  security  for  blind  signatures  with  application  to  electronic  cash.  They  also  provided  the  security  proof  in 
random  oracle  model.  Unforgeability  of  the  blind  signature  was  explained  with  the  concept  of  one -more  forgery.  Suppose  l 
is  an  integer  which  indicates  the  number  of  interactions  with  the  signer.  After  / interactions  if  user  could  produce  l + 1 
signature,  then  there  is  one-more  forgery  occurs.  They  proved  that  one-more  forgery  happens  only  with  negligible 
probability.  They  had  shown  that  how  the  witness  indistinguishable  identification  schemes  could  be  converted  into  blind 
signature  schemes.  They  also  explained  Okomoto-Schnorr  blind  signature  and  shown  its  proof  of  security. 
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Juels  et  al.  [9]  showed  that  how  the  security  and  blindness  property  for  blind  digital  signatures  can  be  defined  by 
considering  an  arbitrary  one  way  trapdoor  permutation  family.  They  presented  the  first  blind  signature  scheme  with 
complexity  based  proof  of  security.  They  proved  it  to  be  as  secure  as  factoring.  They  also  formally  defined  the  notion  of 
the  security  of  the  blind  signature  scheme.  Figure  5 describes  the  eminent  works  in  blind  signatures. 


Ctaum(l982)  (Introduced  the  concept  of  Blind  Signature! 


Chaum  et  al.(1988)(  Blind  signature  based  on  RSA| 


Camenisch  el  all  1994)  |Two  new  blind  signatures  based  on  DLP] 


Pointcheval  and  Stern  (1996  f 
[First  provably  secure  design  in  ROM] 


Juels  etal.  (1997) 

(First  complexity  based  provably  secure  design  j 


Figure  5:  Eminent  Works  in  Blind  Signature 

Due  to  extensive  use  in  different  applications,  different  blind  signatures  and  its  variants  have  emerged.  Camenisch 
et  al.  [16]  proposed  efficient  blind  signatures  without  random  oracles.  They  designed  blind  signing  function  as  a secure  and 
efficient  two-party  computation  which  uses  its  algebraic  properties  and  paillier  encryption  scheme.  The  security  of  the 
signature  scheme  is  based  on  the  strong  RSA  assumption  [17]  and  the  hardness  of  decisional  composite  residuosity  which 
is  commonly  used  in  the  proof  of  the  paillier  cryptosystems.  In  short,  they  elaborated  the  design  of  an  efficient  blind 
signature  scheme  which  is  in  standard  model. 

Okamoto  [18]  also  designed  blind  and  partially  blind  signatures  without  random  oracles.  These  signature  schemes 
were  secure  in  the  standard  model.  Okamoto’ s partially  blind  signature  scheme  was  the  first  one  which  is  secure  in  the 
standard  model.  Security  proof  of  these  schemes  requires  the  2SDH  (2-variable  strong  Diffie -Heilman)  assumption  [19],  a 
stronger  variant  of  the  SDH  (strong  Diffie-Hellman)  assumption. 

Zhang  and  Su  [20]  proposed  a short  blind  signature  scheme  from  bilinear  pairings.  The  size  of  the  signature  was 
short  with  only  half  size  of  the  DSA  (digital  signature  algorithm)  signature.  Since  there  were  no  pairings  in  the  blind 
signing  phase  and  in  the  verification  phase,  authors  claim  that  it  was  more  efficient  in  computation.  They  also  projected  out 
that  their  scheme  was  suitable  for  mobile  device  and  electronic  commerce.  The  security  of  the  scheme  was  reduced  to  the 
computational  Diffie  Heilman  problem  in  the  random  oracle  model. 

There  are  several  Identity  (ID)  based  blind  signature  schemes  in  the  literature  similar  to  that  of  public  key 
infrastructure  (PKI)  based  blind  signatures.  Zhang  and  Kim  [21]  proposed  the  first  ID  based  blind  signature  scheme  which 
was  based  on  the  bilinear  pairings.  Later  Zhang  and  Kim  [22]  also  proposed  an  ID  based  blind  signature  scheme  which  was 
more  efficient  than  Zhang  and  Kim  [21]  in  computational  cost.  Galindo  et  al.  [23]  explained  the  generic  construction  of  ID 
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based  blind  signature.  Gao  et  al.  [24]  also  proposed  a new  ID  based  blind  signature  scheme  based  on  bilinear  pairing.  They 
designed  an  entirely  new  scheme  which  was  not  based  upon  any  existing  ID  based  signature  schemes.  The  proposed 
scheme  was  based  on  an  assumption  known  as  one -more  bilinear  Diffie-Hellman  Inversion  (lm-BDHI)  assumption.  He  et 
al.  [25]  proposed  an  identity  based  blind  signature  scheme  without  bilinear  pairings. 

Lattice -based  blind  signature  is  proposed  by  Ruckert  [26]  by  applying  hard  lattice  problems  such  as  the  shortest 
vector  problem  [27].  Lattice  operations  are  more  powerful  than  modular  exponentiation  and  lattice  problems  remain  hard 
for  quantum  and  sub  exponential  time  adversaries.  Hence,  the  security  proofs  based  on  lattice  hard  problems  has 
advantages  over  using  the  factoring  or  discrete  logarithm  problems.  They  designed  a cryptosystem  with  random  oracle 
model.  It  was  also  a blind  signature  scheme  that  supports  leakage  resilience  [28]. 

Over  beck  [29]  proposed  a conversion  from  signature  schemes  connected  to  coding  theory  into  blind  signature 
schemes.  They  explained  formal  security  reductions  to  combinatorial  problems.  Author  claimed  that  the  blind  signature 
scheme  cannot  be  broken  by  quantum  computers.  They  presented  a blind  signature  based  on  syndrome  decoding  and 
showed  that  it  was  secure  against  active  adversaries  as  long  as  some  instances  of  NP  (non  deterministic  polynomial  time) 
hard  problems  were  hard  to  solve.  This  blind  signature  also  had  two  major  drawbacks,  large  signature  size  and  slow  blind 
signature  generation. 

Partially  blind  signature  was  an  extension  of  blind  signature  schemes  which  allows  a signer  to  include  necessary 
information  in  unblinded  form  like  expiration  date  etc.  in  the  signatures  under  some  agreement  with  the  receiver.  There 
were  different  partial  blind  signatures  in  the  literature  [[30],  [31],  [32],  [33]].  Partial  blind  signature  can  have  application 
with  the  electronic  cash  system,  which  successfully  minimises  the  growth  of  the  bank  databases. 

Proxy  blind  signature  is  a variant  form  of  blind  signature  which  allows  delegated  signer  to  generate  blind 
signature  on  behalf  of  the  original  signer  [[34],  [35],  [36]].  It  is  a combination  of  proxy  signature  with  blind  signature 
which  satisfies  the  security  properties  of  both  proxy  and  blind  signature  schemes. 


♦Cairaisdi  ct  al.(20W)  | standard  model  proof  nidi  strong  RSA  assumption] 
tPKI  ► -Kikomoto  (2(106)  (first  partially  blind  signature) 

' ♦Zhang  and  Sa  (2010)  (first  short  blind  signature) 

; -►Zhang  and  Kin  (2002)  (first  ID  based  blind  signature) 

Number  Theory  — >-»lD  ■♦Galindo  el  al.  (2006)  [generic  construction  of  blind  signature)! 

HHe  elal,  (201 1)  [blind  signature  without  bilinear  pairing] 

— ►Yangetal.(2(X)9) 

'Certificateless  — ►Sun  andWen  (2009) 

— ► Zhang  and  Gao  (201 0) 

♦Coding  Theory  — ♦ Overbeck  (2009)  (blind  signature  cannot  be  broken  by  quantum  computers! 
t+lattices  | Ruckert  (2010)  |hard  lattice  problems  such  as  the  shortest  vector  problem] 

Figure  6:  Overview  of  Different  Works  in  Blind  Signature 

A blind  signature  with  revocable  anonymity  and  unlink  ability  is  known  as  fair  blind  signature.  In  order  to  avoid 


Impact  Factor  (JCC):  3.5987 


NAAS  Rating:  1.89 


Variants  of  Blind  Signatures  - A Practical  Authentication  Scheme 


115 


the  misuse  of  e-cash,  an  authority  or  a trustee  can  link  an  issuing  session  to  the  generated  signature  and  also  can  trace  the 
signature  to  the  requested  user  [[37],  [38],  [39]].  Fuchsbauer  and  Vergnaud  [38]  claimed  the  construction  of  the  first 
practical  fair  blind  signature  scheme  and  proved  its  security  under  standard  model. 

Blind  ring  signatures  combine  properties  of  both  ring  signature  and  blind  signature  and  thus  provides  a strong 
notion  of  anonymity  where  the  privacy  of  both  the  identity  of  the  signer  and  the  message  is  preserved  [40].  Blind  ring 
signatures  have  different  applications  in  multi-authority  e-voting  and  distributed  e-cash  systems.  There  are  different  blind 
ring  signature  schemes  in  the  literature  [[40],  [41],  [42]]. 

Password  based  signatures  are  variants  of  signature  scheme  in  which  user’s  secret  signing  key  is  replaced  by  a 
password  so  that  it  is  easy  to  remember  and  hence  the  storage  problem  can  be  solved.  Gjosteen  and  Thuen  [43]  proposed 
password  based  signatures  based  on  RSA  [12]  and  CL  (Camenisch  and  Lysyanskaya)  [16]  signatures.  Since  passwords 
have  low  entropy,  usual  password  based  schemes  are  vulnerable  to  offline  password  attack.  Sangeetha  Jose  et  al.  [44] 
proposed  a strongly  secure  password  based  blind  signature  (ss-PBBS)  that  was  not  susceptible  to  offline  password  guessing 
attack  even  if  the  password  size  is  small.  Comparison  of  the  strongly  secure  password  based  blind  signature  with  other 
schemes  is  given  in  Table  1 . 


Table  1:  Comparison  of  SS-PBBS  with  Other  Schemes 


Scheme 

Underlying 

Signature 

Hardness 

Assumption 

Signature 

Size 

\Gjesteen  and\ 

Thuen \ (|201  ID 

Scheme  1 

RSA 

RSA  known- 
target  inver- 
sion 

1024  bits 

\Gj0steen  and\ 

\Thuen\  (|2021|) 
Scheme  2 

CL 

es-LRSW 

2048  bits 

PBBS  Scheme 

Jose  et  al. | (2013|) 

BLS 

CDH 

170  bits  (con- 
straint in  pass- 
word size) 

ss-PBBS  Scheme 

BLS 

CDH 

170  bits  (no  con- 
straint in  pass- 
word size) 

In  identity  based  encryption  (IBE),  user  gets  the  secret  key  from  private  key  generator  (PKG).  Green  and 
Hohenberger  [45]  proposed  a blind  key  extraction  (BKE)  protocol  for  extracting  the  secret  key  of  a user  in  a blinded 
manner  (blinded  from  PKG).  They  formalized  the  above  notion  as  blind  IBE  which  could  be  used  in  different  applications 
like  privacy  preserving  delegated  keyword  search,  temporary  anonymous  identities  and  so  on.  Camenisch  et  al.  [46]  also 
designed  a committed  blind  anonymous  IBE  scheme  based  on  Boyen  and  Waters  [47]  anonymous  IBE.  Lin  et  al.  [48] 
proposed  another  BKE  protocol  for  an  anonymous  IBE  by  Ducas  [49]  in  which  the  protocol  uses  zero  knowledge  proof  of 
knowledge  (ZKPoK)  with  increased  efficiency.  Even  though  there  are  blind  anonymous  identity  based  encryption  schemes 
[[45],  [46],  [48]],  existing  systems  are  complex  in  their  computation  and  communication  cost.  Hence  Sangeetha  Jose  et  al. 
[50]  proposed  a blind  anonymous  identity  based  encryption  (/7Baibe)  in  random  oracle  model.  Comparison  of  proposed 
blind  anonymous  identity  based  encryption  with  existing  scheme  is  shown  in  Table  2. 
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Table  2:  Comparison  of  Proposed  Scheme  77BAibe  with  Existing  Schemes 


Scheme 

Number  of 
Secret  Key 
Components 

Number  of 

Ciphertext 

Components 

Number  of 
Pairings  in 
Decryption 

ICamenisch  et  al. 

pop]) 

5 

6 

5 

1 Green  and  Hohen-l 
\berger  (|2007)) 

2 

3 

2 

\Lin  et  al.  (2011) 

3 

4 

3 

Proposed  Scheme 
iris.'^rsg) 

2 

2 

2 

The  number  of  cipher  text  components  was  less  in  the  proposed  scheme.  The  decryption  process  also  required 
simple  computation  as  compared  with  existing  schemes. 

Certificate  less  signature  scheme  overwhelms  the  drawbacks  of  public  key  infrastructure  based  and  identity  based 
signature  schemes,  since  it  does  not  require  certificate  management  as  well  as  it  does  not  possess  key  escrow  problem.  Due 
to  its  merits,  different  certificate  less  blind  signatures  [[51],  [52],  [53]]  were  constructed.  Due  to  the  uncertified  nature  of 
the  public  key,  an  adversary  (Type  I)  in  the  certificate  less  system  can  replace  user’s  public  key  with  another  value  of  his 
own  choice.  The  second  type  of  adversary  (Type  II)  represents  a malicious  key  generation  centre  (KGC)  who  generates 
partial  private  key  for  the  users.  Yang  et  al.  [51]  proposed  a certificate  less  blind  signature  scheme  which  is  provably 
secure  against  Type  I and  Type  II  adversaries  under  random  oracle  model  and  claimed  that  it  can  be  used  in  e-commerce. 
Sun  and  Wen  [52]  put  forwarded  two  new  certificates  less  blind  signature  schemes  based  on  Choi  et  al.  [54]  certificate  less 
signature  scheme.  Authors  claimed  that,  these  schemes  need  less  computational  cost  and  satisfy  the  properties  of  blind 
signatures.  Zhang  and  Gao  [53]  also  proposed  a certificate  less  blind  signature  scheme  which  is  proven  to  be  secure  in  the 
random  oracle  model.  The  security  proof  was  based  on  computational  Diffie-Hellman  problem  and  the  bilinear  pairing 
inversion  problem  (BPI).  However  these  schemes  claimed  the  security  without  giving  detailed  mathematical  proofs.  Hence 
Sangeetha  Jose  et  al.  [55]  constructed  a new  certificate  less  blind  signature  scheme  (77clbs)  and  proved  that  it  was  secure 
under  computational  Diffie-Hellman  (CDH)  and  chosen-target  CDH  assumptions.  Comparison  of  the  proposed  scheme 
with  existing  scheme  is  shown  in  Table  III. 


Table  3:  Comparison  of  Scheme  77Clbs  with  Existing  Schemes 


Scheme 

Security  Proof 

Hardness  As- 
sumption 

Probability  (Ad- 
vantage of  the 
Adversary) 

Yang  et  al. 
([2009]) 

Existentially  Unforge- 
able  (Only  Theorem 
statement) 

Type-1  k-CCA, 
Type-2  mICDH 

No  Probability 

Analysis  is  given 

1 Sun and \ 

Weii\  ([2Q09D 
Scheme  1 

Unforgeable  (similar 
to  |Choi  et  aT. } (|2007])'s 
CLS  scheme) 

Type-1  CDH, 
Type-2  mICDH 

No  Probability 

Analysis  is  given 

1 Sun and\ 

Wen  i mm 

Scheme  2 

Unforgeable  (similar 
to  |Choi  et  al. | ([2007])'s 
CLS  scheme) 

Type-1  k-CAA, 
Type-2  mICDH 

No  Probability 

Analysis  is  given 

| Ztumg  and\ 

[Qw]  (f2030|) 

Unforgeable  (Only 
Theorem  statement) 

Type-1  q-SDH, 
Type-2  BPI 

No  Probability 

Analysis  is  given 

Scheme(Y\c£<Bs ) 

Strongly  Unforgeable 
(Both  Type  1 and 
2)  Detailed  Proof  is 
given 

Type-1  CDH 

and  ct-CDH 

Type-2  ct-CDH 

Detailed  Proba- 

bility Analysis  is 
given 
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IV.  CONCLUSIONS  AND  FUTURE  SCOPE 

In  this  paper  we  explore  variants  of  blind  signatures  based  on  number  theory,  coding  theory  and  lattice  based 
concepts.  According  to  the  detailed  study,  the  design  of  the  proposed  schemes  in  the  standard  model  would  be  a good 
problem  to  be  work  on.  Since  there  is  less  number  of  cryptosystems  based  on  lattice  concepts,  we  can  also  attempt  to 
construct  certificate  less  blind  signatures  based  on  lattice  based  concepts.  Even  though  coding  theory  assures  more  efficient 
cryptosystem,  existing  coding  theory  blind  signatures  has  large  signature  size.  It  could  be  a nice  solution  if  we  could 
construct  short  blind  signatures  with  the  help  of  coding  theory.  In  short,  this  paper  discusses  and  elaborates  variants  of 
blind  signatures  with  its  eminent  real  world  applications  with  future  research  scope. 
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